Do We Really Need a Home Security Network Device?

A friend of mine sent me a note this morning, asking if our bandwidth shaping device could provide the same type of service as this new Dojo application. Their niche is basically that you cannot trust the third-party devices in your home network not to be hijacked. For example, the software engineers writing the code that allows you to remote control your dishwasher from your iPhone are likely not security experts. It is a reasonable assertion that a hacker might exploit a security hole in their software. The Dojo will detect any smart device breaches and take action, a good idea for sure.

I spent about 20 minutes reading and thinking about their specification and what value that provides to the home user. And then it hit me, there is a more obvious precaution to secure your home network that you might be overlooking.


  • Gmail in the cloud
  • QuickBooks in the cloud
  • Banking in the cloud
  • Facebook in the cloud
  • Google Docs in the cloud
  • Stock Trading in the Cloud

No, nothing is ever completely secure, and certainly anything you put in the cloud can be hacked, but in my opinion, the level of security afforded by the cloud is far better than anything you can rig together on your home network.

Think about it…

Your bank spends hundreds of millions on staying ahead of hackers. You have secret pictures, secret questions that challenge you about your second cousin’s favorite hobby. They know when you are coming from a new or different IP address.

Gmail now tells you when there is a login from a non-standard computer.

These modern cloud applications are about as secure as a consumer could hope for. For the same reason you should not keep wads of cash in a safe in your house, you should not keep any personal information on storage devices in your house. Let your dishwasher go hog wild, who cares. I catch hackers on my network all the time, they have hijacked a few servers to send spam and attack other consumers (my bad), but there is really nothing of interest lying around on any of my devices other than some geezer MP3 music, and my vacation photos on my iPad that nobody else wants to look at anyway.

But if you must secure important data in your home network, yes, go ahead and invest in a device like the Dojo. It can’t hurt, but before you do that, change your habits and use the cloud whenever possible.

Art Reisman


Speed up Your Browser, Free Yourself From JavaScript

This morning I read an article by Klint Finley about his experience with disabling JavaScript. I am about 8 hours into my experiment now, and here is what I have found so far.


The results were amazing for the online periodicals (traditional newspapers) I like to browse through. Even with my 20 megabit Internet connection, some of these sites are just endless piles of garbage with advertisements and videos popping up, forcing screen refreshes and making the content unreadable. Some of them take so long to load, I just give up and get back to work. With JavaScript turned off all that changed. I have not tested the limits on this yet, but I was able to get through a couple of these sites clicking to various articles and my delays were about 1/10 of normal, which is a significant improvement.


On the downside, I found some of the Web-based applications I depend on to be non-functional. Klint mentions issues with Google Docs, but it goes farther than that. My Google Calendar did not work and neither did my WordPress or Cisco Webex. What I am doing now on my Mac laptop is keeping two browsers active: Firefox with JavaScript disabled, and Safari with it enabled. This is a good compromise and worth the effort of switching.


Editor’s Note: Turning off JavaScript is only going to impact things you launch from a traditional browser. The preloaded applications on your devices do not use JavaScript.


Comcast at It Again, Shaping Amazon Content

Sunday night I decided I would finally try watching the Sopranos. Amazon offers Sopranos content for $1.99 an episode, which saves me the hassle of getting a full year HBO subscription to get episodes. First pass, on my smart Internet-connected TV, I could not get the Amazon stream to run at all, and so I reverted to watching it on my laptop. It came up on the laptop, but the video was choppy and constantly breaking up, stalling, etc. In other words, it was being throttled by Comcast. Solution?

I just fired up my IPVanish, which hides the source of the video from Comcast, and presto, I was able to watch the whole episode without an issue. If you experience content streaming problems with your national ISP, try using a VPN tunnel; it has worked for me quite well.


There are other posts about this practice.

There is something rotten in the state of online streaming.

How to get access to blocked Internet Sites.


Editor’s Note: I completely understand why they throttle content, and have covered the economics behind this before. I just don’t like the secrecy and deception around it, hence I will continue to publish articles when I find it.


Art Reisman


NetEqualizer News: November 2015

November 2015


Enjoy another issue of NetEqualizer News! This month, we officially release the NE5000, help you out with RTR best practices, feature a live customer NetEqualizer installation and Case Study, and ask for your assistance in our 2016 planning. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

We are awaiting our first snow here in Colorado, with our first really cold night killing off the last of the garden this past week (22F/-5C). While the garden goes to sleep, we are laying plans for next year, both in the garden and with the NetEqualizer!

There is still time to give us feedback for 2016. If you would like to contribute to the 2016 NetEqualizer Roadmap, we welcome your ideas. Call or email us with your suggestions. And, for those of you that have already responded, THANK YOU!

This month make it official – our NE5000 powerhouse solution is ready for primetime! If you are thinking of taking your NetEqualizer solution to the next level, read more below.

And remember we are now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know.

Email me directly at I would love to hear from you!

NE5000: Official Release

We often get quizzical looks from customers when they see our price performance numbers. Now pushing 10 Gbps line speeds and the ability to shape 60,000 users, we have heard rumblings that some analysts don’t believe our product can perform at this price point. We just ignore them, as they are mostly in the pocket of our competitors anyway.

With a list price of $22,000 USD, our new NE5000 brings bandwidth control pricing back to Earth.

How do we do it?

Really, it’s just old-fashioned hard work! At the core of our NetEqualizer technology lies a team of computer scientists that spend their days optimizing the algorithms and techniques to ensure high reliability and performance.

We also go against the conventional wisdom of packet classification – that is our other advantage. Packet Classification is on the way out, and there is no ignoring it any longer.

If you have not had a chance to work with us before, we encourage you to check out our new high-end model and set up a WebEx with our technical team for a demo. Click the button below to contact us!

Here is a link to our NE5000 data sheet to get you started:

The NE5000 Data Sheet


Real World RTR: Live at Morrisville State College

When developing RTR and other NetEqualizer features, we are often using simulated data – real system testing occurs near the end of the cycle. During a recent Technical Refresh session with Rob Gaudreau of Morrisville State College, however, we got to see some exciting results from a live NetEqualizer that we wanted to share.

The first interesting graph is their General Traffic History:


This is a graph of bandwidth usage for the previous week. It’s great to see how predictable the traffic patterns are, and how useful RTR can be in seeing what occurred historically and how you can use that data to plan for the future.

The second interesting graph is their General Penalty History:


This is a graph of the number of penalties that were occurring over the previous week – the same time period used to generate the General Traffic History graph. Notice how the penalty count directly correlates with the busy times.

Those penalties are the NetEqualizer hard at work, shaping the largest connections during congested hours of the day, and letting traffic through untouched during less busy times – all without IT administrator intervention.

Morrisville State College – Case Study
We enjoyed talking to Rob so much and hearing about his experience with NetEqualizer, that we decided to turn it into a full case study so that others could hear their story. Check it out, here:

Morrisville State College Case Study

Schedule your Technical Refresh Today!
Our Technical Refreshes have been a huge success! These walkthroughs have proven valuable to both new and experienced customers. We are always enhancing our technology and interfaces, so it’s easy to get to the point where features are new and unfamiliar.

If you are current on NetEqualizer Software and Support (NSS), and you are interested in a 30-minute WebEx to see the newest interfaces and learn more about RTR, click the link below!


How Can RTR Help You? Check Out RTR Best Practices (Part 1)

RTR is great as a simple reporting tool, but it can also be much more! Below we share some helpful ways to utilize the different reports in RTR to better configure your NetEqualizer and understand your network. This is Part 1 of a two-part series – look for Part 2 next month!

1) Set up Traffic History IPs for Graphing
Use Traffic History->Manage Tracked IPs to add your internal IPs (or any other IP you care about) to the tracking system. The first step in getting the most out of RTR is telling it which IP addresses you want to track.


2) Figure out your Top Users by Monitoring Real-Time Connections
Use Active Connections->View Active Connections and sort by the Wavg column to see your top bandwidth users. Use the C and DNS options below the external IP address to learn more about the connected host (C for Country Code and DNS for NS Lookup). Use the AR and T options below the internal IPs to view rules associated with the IP (AR) and its historical bandwidth usage (T).

3) See if P2P is an Issue on your Network
Use Active Connections->View Connection Counts to see the IP addresses of users with lots of concurrent connections.

This data can help you determine any P2P users on your network and can also help you establish a baseline for implementing system-wide connection count limits.

Look for outliers and then set a limit such that almost all of your users fall below it with normal network usage. You can also copy the IP of the user with the most connections, filter the Active Connections table for that user, and then view all the different external IP addresses they are connected to.

4) See What your Bandwidth Pools are Doing Right Now
Use the RTR Dashboard to view real-time pool data. Remember, all traffic falls under “Pool 0,” so even if you don’t use pools in your network, you can use this horizontal bar graph to see when your network is Equalizing (when it passes the red line).
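
Tip 3 above, worked through in Python as an added example (not NetEqualizer code): count concurrent connections per internal IP, pick a limit that almost all hosts fall under, and list the hosts above it with their distinct external peers. The table layout, the 95% coverage figure, the 50% headroom and all addresses are constructed assumptions.

```python
"""Baseline per-host connection counts and derive a connection limit.

The (internal_ip, external_ip) tuple layout is an assumption for this
example, not the RTR export format. All addresses are constructed.
"""
from collections import Counter


def build_sample_table():
    """Constructed active-connection table: one tuple per open connection."""
    table = []
    # 19 ordinary hosts holding 5..23 concurrent connections each.
    for host in range(1, 20):
        for n in range(host + 4):
            table.append((f"10.0.0.{host}", f"198.51.100.{n + 1}"))
    # One host fanning out to 180 distinct peers (P2P-like behaviour).
    for n in range(180):
        table.append(("10.0.0.77", f"203.0.113.{n + 1}"))
    return table


def connection_counts(table):
    """Number of concurrent connections per internal IP."""
    return Counter(internal for internal, _external in table)


def suggest_limit(counts, coverage_pct=95, headroom_pct=50):
    """Limit that at least coverage_pct of hosts stay under in normal use.

    Takes the nearest-rank percentile of the per-host counts, then adds
    headroom so ordinary hosts are not clipped on a busy day. Both
    percentages are assumptions to tune against your own baseline.
    """
    if not counts:
        raise ValueError("no hosts in table")
    ordered = sorted(counts.values())
    rank = -(-coverage_pct * len(ordered) // 100)  # ceiling division
    typical_max = ordered[max(rank, 1) - 1]
    return typical_max + typical_max * headroom_pct // 100


def hosts_over_limit(counts, limit):
    """Hosts above the limit, busiest first, for manual review."""
    return [(ip, n) for ip, n in counts.most_common() if n > limit]


def peers_of(table, internal_ip):
    """Distinct external IPs one host is connected to."""
    return sorted({ext for ip, ext in table if ip == internal_ip})


if __name__ == "__main__":
    table = build_sample_table()
    counts = connection_counts(table)
    limit = suggest_limit(counts)
    print(f"suggested per-host connection limit: {limit}")
    for ip, n in hosts_over_limit(counts, limit):
        # A high count is a prompt to look, not proof of P2P: NAT gateways,
        # proxies and mail servers legitimately hold many connections.
        print(f"{ip}: {n} connections to {len(peers_of(table, ip))} peers")
```
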


If you are current on NetEqualizer Software and Support (NSS), and have a question about RTR or would like a walk through, click the button below!


Help Us Set The 2016 NetEqualizer Roadmap

We have finalized our Winter Release (8.4), but there is still time to influence our 2016 Roadmap. We will start planning our Fall Release soon, and we would love to add your ideas to the release.

If you have a great idea for us, please let us know!

No idea is too “out there” – we want to solve your crunchiest, toughest networking issues. Click on the button below to email us your idea.

If you have already responded, rest assured that we have collected your feedback and added it to our Feature Request List.

Best Of The Blog

A Cure for Electronic Theft?

By Art Reisman – CTO – APconnections

What if we created a new electronic currency, a-la Bitcoin, with a twist. Let’s start by taking an idea from the Federal Government, and put a watermark on our personal funds – something unique that signifies who legally possesses the currency. Cattle ranchers do this with a brand so nobody steals their cattle. This has worked pretty well for a few hundred years, right?

With our new personal watermark, suppose somebody breaks into our bank, and wires all your money to some idiot in Russia. In today’s world, the only way to find that money is to follow the trail, and that takes a huge effort from a banking forensics person, working with International governments. The money may travel so fast it may not be possible to recover. Now, suppose the funds had an electronic tag that could not be altered by a criminal. For example currency in your possession has a public private encryption key, and only you can authorize a change in possession…

Photo Of The Month
Where was this picture taken?
Tell us and you could win a $25 gift card.
This picture was taken by a staff member during a recent college customer site visit at a cathedral. The first four people to email with the name of the college where this cathedral is located get a $25 gift card!

What is Your True Internet Speed? Are those Speed Tests Telling the Truth?

When the consumer Internet came of age back in 1990, there was never any grand plan to ensure a consistent speed from one point to another. Somewhere along the line, as the Internet went from an academic tool to an essential consumer device, providers in their effort to “out market” one another began to focus on speed as their primary differentiator. By definition, the Internet is a “best effort” collaboration between providers to move your data. No one provider can guarantee a consistent Internet speed for everything you do. They only have control over their own physical lines, and even then, there are variables beyond their control (which I will address shortly).

Let’s take a look at the speed of wired networks common to most consumers, Cable and DSL.

The physical line into your house is generally what your cable or DSL provider is talking about when they advertise your Internet speed. Essentially, how fast is the link between the provider’s NOC and your house. Generally you will have a dedicated line for this, and so your speed on this last mile link does not vary.

The good news is that most consumers are more concerned with watching movies, video, listening to music, etc. than they are about pulling research data off some obscure server in Serbia. Given this reality, the industry has gotten very smart, and popular content is not hosted at some distant server, but is usually distributed locally to each provider. The best example of this is Netflix. Your Netflix content is most likely coming from a server hosted a few miles from your house in your provider’s NOC, and not from some grand Netflix central location.

Why is Netflix data hosted locally?

The dirty industry secret is that your provider pays a fee when you go off their network for data. There are also potential capacity problems when you go off their network. Is this a bad thing? No, not really, it is just a matter of efficiency. We see similar practices in other product distribution models. You don’t drive to New York to pick up a toaster, there is usually one waiting for you at your nearest discount store. For some of the same reasons that you don’t go to New York to pick up a toaster, your provider tries to host your digital data locally when possible.

What does this mean for your Internet Speed?

It means that when you retrieve content that your provider hosts locally you are likely going to get your advertised speed. This also holds true for some speed test sites: if they are hosted within your provider’s network, they are going to register a consistently higher speed.

What happens to your Internet speed when you go off your provider’s network?

There are several factors that will affect your speed.

The main governing factor affecting speed is the capacity of your provider’s exchange point. This is a switching point where your provider exchanges data with other networks. Depending on how much investment your provider put into this infrastructure, this switching point can back up when there is more data being moved than it has capacity to handle. When this happens you get gridlock at the exchange point, and your Internet speed can plummet. Gridlock is always a real possibility because your provider just cannot anticipate all the content you are retrieving and sometimes it is not hosted locally.

What does my provider do to alleviate gridlock at their exchange point?

Some providers will actually lower your Internet speed when you are crossing an exchange point, or if their circuits are overloaded in general. I experienced this effect, which I described in detail a few months ago, when I was updating my iPad.

After the exchange point, the speed at which you get your data external to your provider’s network depends on the whims of every provider and backbone along the route. That obscure research paper from that server in Serbia may have to make multiple hops to get out of Serbia and then onto some international backbone, and finally to your provider’s exchange point. There is no way anyone can anticipate at what rate this data will arrive.

How can I run a speed test that better reflects my speed out to the real Internet, bypassing locally hosted speed test servers?

A few years ago we ran into this tool set that deliberately tries to retrieve all kinds of remote data to measure your true Internet speed. You can also search out files hosted on obscure servers and try to download them. Perhaps I’ll run a follow-up article documenting some of my experiences.

Amusing IT Stories

Anybody that has done IT support will appreciate this post. Feel free to tell us your stories…

Early on when we first started shipping pre-built NetEqualizer units, the underlying Linux server shipped with the factory default password of “password”. The first line of our installation instructions, in big bold type, instructed customers to reset this password. I am one of those people that will open a box, and plug things in without reading directions, so I really can’t point fingers at customers that did not reset their password. Nevertheless, it makes a good story…

It was only a matter of time before we started getting support calls about strange behavior on our systems.

Since we had a standard customized unique setup, it was easy to tell if system files had been altered, and that is usually where hackers struck. One day, we got a call from an irate WISP. Evidently, his upstream provider had shut down his link to the Internet because he was spewing massive amounts of spam. When he tracked the spam messages down to the NetEqualizer, he actually thought we were deliberately running a rogue spam server. To this day, even though we promised it was not us, he still thinks we had a side business of rogue spam servers. We could not convince him that his box had been hacked.

For my all-time favorite we have to go to southeast Asia where we had a NetEqualizer (bandwidth shaper) in place. The customer kept calling saying it was not doing anything. We got a look at a diagnostic and were able to confirm the customer’s observation. He was correct, our box was not doing anything. There was clearly no traffic going through our box. It was also clear that there was another path through the customer’s network, because his network was up and running fine. We pleaded with the customer to send us a diagram of some kind, but he did not believe us, and continued to blame our box for being useless. We could clearly see that neither network interface was seeing any traffic, so there was no sense trying to help him. At this point we just refunded his money and took the unit back. Short of flying to Asia and figuring out his routing, there was nothing we could do. About 6 months later, he calls, and is desperate to re-purchase the box he returned. Turns out, as we suspected, all traffic was going through his wireless router, but I have no idea why it took six months to figure that out. And frankly I don’t really want to know.

Over the past 10 years we have had this scenario at least 3 times, maybe more.

Caller: “I have read all the manuals, hooked up all the interfaces, but the box is not passing any traffic.”

Support: “Did you power the unit up?”

Caller: “Oh sorry I forgot that step”

In fairness to the customer, when you plug the power cord in there are some status lights that come on, but you still need to press the on/off button on the front to get it to boot up. :)

NetEqualizer News: October 2015

October 2015


Enjoy another issue of NetEqualizer News! This month, we preview more Release 8.4 features, preview our NE5000 unit, ask you to Imagine If what future features would help you, and update you on our DDoS tool. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Cool temperatures, crisp weather all mean one thing – fall has arrived in the U.S.! I am enjoying the change of season, and love the cold weather.

Speaking of temperature, this month we talk about our NE5000 – which will have extra fans to keep it cool as well as built-in failover. You can read more about the NE5000 below. We also update you on the upcoming 8.4 Release, planned to rollout this winter. We give you a chance to influence future releases, in our Imagine If section. Also, we continue to see our DDoS tools make a difference for our customers, you can read more below…

And remember we are now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at I would love to hear from you!

Release 8.4: Preview

We have been working hard on Release 8.4 and are excited to release the new features! Here are a couple of our favorites:

See an nslookup of a host directly below the IP address in RTR – This is a feature often requested by our customers with networks where an IP address translates to a hostname. For administrators with these networks, you’ll now be able to quickly see the hostname associated with an IP in every screen within RTR!

We’ve enhanced our messaging within RTR to help guide usage – This includes enhancements to error messages and status messages to make RTR even easier for you to use!

Look for more announcements on Release 8.4, currently planned for Dec/Jan timeframe, in upcoming newsletters.


DDoS In The Field

One of the challenges when creating a security tool is validating that it works when it really matters.

We have heard, via anonymous sources, that many of the high-dollar solutions out there create bloated, rotting piles of information, whose only purpose is to look impressive due to their voluminous output. These tools cover everything, leaving the customer to decide what to do; which is usually nothing or some misguided task.

These non-specific tools are about as useful as a weather forecast that predicts everything all the time. Rain, snow, wind, hot, cold, for every day of the year. If you predict everything you can’t be wrong?

On the other hand, the reports from the field coming in for our DDoS tool are:

Yes, it works.
Yes, it is simple to use.
Yes, it takes action when appropriate.

We have confirmation that our DDoS tool, combined with our shaping algorithms, has kept some very large institutions up and running while under very heavy, sophisticated DDoS attacks.


The reason is simple:

We first look at the pattern of incoming packets in a normal situation. When the pattern reaches a watermark that is clearly beyond normal, we block those incoming circuits.

If needed, we can also take a softer approach, so the attacker is not aware we are throttling them. This is needed because in some situations outright blocking will alert the attacker you are on to them and cause the attacker to double-down.
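
The baseline-and-watermark idea described above, as an added Python example that is not the NetEqualizer implementation: it learns a watermark from normal inbound packet rates and then decides per source whether to allow, block or quietly throttle. The metric (packets per second per source), the mean-plus-six-sigma watermark, the three-interval rule and all sample values are assumptions.

```python
"""Watermark check for inbound floods, with a hard and a soft response.

Assumptions for this example: the observed metric is inbound packets per
second (pps) per external source, sampled once per interval, and all
sample values below are constructed.
"""
from statistics import mean, pstdev

K_SIGMA = 6        # distance from the baseline mean that counts as abnormal
MIN_INTERVALS = 3  # consecutive intervals over the watermark before acting

# Constructed baseline: pps seen from ordinary sources during a quiet week.
BASELINE_PPS = [40, 55, 48, 60, 52, 45, 58, 50, 47, 55]

# Constructed live window: four consecutive samples per source.
LIVE_PPS = {
    "198.51.100.10": [50, 62, 48, 55],         # ordinary client
    "198.51.100.20": [45, 400, 52, 49],        # one short burst
    "203.0.113.5": [900, 1200, 1500, 1400],    # sustained flood
}


def learn_watermark(baseline_pps, k=K_SIGMA):
    """Return the pps level above which a source is clearly beyond normal."""
    if len(baseline_pps) < 2:
        raise ValueError("need at least two baseline samples")
    return mean(baseline_pps) + k * pstdev(baseline_pps)


def longest_run_over(samples, watermark):
    """Length of the longest streak of consecutive samples over the mark."""
    run = longest = 0
    for pps in samples:
        run = run + 1 if pps > watermark else 0
        longest = max(longest, run)
    return longest


def decide(live_pps_by_source, watermark, soft=False):
    """Map each source to 'allow', 'block' or 'throttle'.

    Requiring MIN_INTERVALS consecutive samples over the watermark keeps a
    single burst (a large download starting) from triggering a response.
    With soft=True the source is rate limited instead of dropped, so it
    sees degraded service rather than an obvious refusal.
    """
    action = "throttle" if soft else "block"
    return {
        source: action
        if longest_run_over(samples, watermark) >= MIN_INTERVALS
        else "allow"
        for source, samples in live_pps_by_source.items()
    }


if __name__ == "__main__":
    mark = learn_watermark(BASELINE_PPS)
    print(f"watermark: {mark:.1f} pps")
    for mode in (False, True):
        print("soft" if mode else "hard", decide(LIVE_PPS, mark, soft=mode))
```
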

When under DDoS attack you don’t need reports; you need immediate action. If you would like to discuss our solution in more detail feel free to contact us!


NE5000: Almost Ready for Primetime!
& Exciting Test Lab Results

Just a few minor tweaks and presto! Our new NE5000 will be ready to go! The test lab box is humming along with 125,000 connections per second, and pushing a sustained 8.5 Gbps up and 8.5 Gbps down without a hiccup.


There is nothing else out there on the market with that kind of shaping power close to our price point. The Layer 7 and deep packet inspection technologies are just way too CPU intensive to keep up with our price/performance curve. So what has happened since we last talked about our NE5000?

1. We revamped the Fiber Cards offered with it to take advantage of multiple CPUs handling and processing interrupts. This boosted our speed and processing to go near line speed on 10Gig without sacrificing any shaping features.
2. Even the search features in the GUI connection table are lightning quick – running a table size of 250,000 entries!
3. It still comes standard with a DUAL power supply.
4. Failover Internal Fiber ports – there is nothing external to wire.
5. And the best part is… we lowered the list price from $30,000 to $20,000!

Now, you don’t have to create a new budget to get the security of a solid bandwidth shaper at those line speeds. Contact us if you are interested in a new unit or upgrading.


Imagine If…
What Would Help You?

As a networking tool vendor we cannot possibly figure out what is needed in the marketplace without the help of our customers! Many of our best features came directly from you!

Winter break is a time when we experiment with new exciting features and product ideas. If you get a chance, take a moment to think of that killer app that would help you, the IT administrator, with your job.


Imagine If…

There are no rules here! Feel free to be creative! Imagine a robot that goes around and does your job. What are some of the things you would want that robot to do?

Should we adopt your idea, we would also be open to sharing licensing and revenue. Please contact us with your thoughts!


Best Of The Blog

White Paper: A Simple Guide to Network Capacity Planning

By Art Reisman – CTO – APconnections

Oh, how times have changed. I noticed this article from 2010 was getting some recent traffic in our blog. If you read it carefully you’ll see that our basic advice for capacity planning is still relevant. Only, I had to laugh at the specific examples and numbers we used as they are woefully out-of-date.

After many years of consulting and supporting the networking world with WAN optimization devices, we have sensed a lingering fear among Network Administrators who wonder if their capacity is within the normal range.

So the question remains:

How much bandwidth can you survive with before you impact morale or productivity?

The formal term we use to describe the number of users sharing a network link to the Internet is contention ratio. This term is defined as the size of an Internet trunk divided by the number of users. We normally think of Internet trunks in units of megabits. For example, 10 users sharing a one megabit trunk would have a 10-to-1 contention ratio. If sharing the bandwidth on the trunk equally and simultaneously, each user could sustain a constant feed of 100 kbps, which is exactly 1/10 of the overall bandwidth…

Photo Of The Month
New England, United States
The six states that make up New England (Connecticut, Maine, New Hampshire, Vermont, Massachusetts, and Rhode Island) are beautiful in the fall. The temperatures get a little cooler and the leaves start to change color. This picture was taken on the campus of the University of New Hampshire in Durham, NH.
